General

  • Target

    132e5db6d0fc8a805c901a29d4a237f0_NeikiAnalytics.exe

  • Size

    12KB

  • Sample

    240522-bjmgmsfe89

  • MD5

    132e5db6d0fc8a805c901a29d4a237f0

  • SHA1

    1b152941db92bdf154d830d0202711f421a2f519

  • SHA256

    42b841392f7517a0a0ade88f3252a6b210f89c12a64789bea4beac6ea10c48bc

  • SHA512

    04bf7bac50ee74ee104208e58388cf421d26868a6adbd2e97716cf8da1827cf25ec7a365b0c1dd62451e5858e158d4502c4e519d59025e40a4059b25815f1f91

  • SSDEEP

    384:jL7li/2zpq2DcEQvdhcJKLTp/NK9xalA:nxM/Q9clA

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

MITRE ATT&CK Matrix ATT&CK v13

Execution

  • Scripting, 1, T1064

Defense Evasion

  • Scripting, 1, T1064

Discovery

  • Query Registry, 1, T1012

  • System Information Discovery, 2, T1082
